Sign in
 
HomeProductsLibraryLearnDownloadsSupportForums
Microsoft Forefront TechCenter >
Server does a automatic reboot after virus removal.

Answered Server does a automatic reboot after virus removal.

  • Friday, November 16, 2012 1:13 PM
     
     
    Sign In to Vote
    0

    Hi

    Is it normal behavior that when a virus is found by FEP 2010 the server do a automatic reboot?

    My problem is that I have a server with Terminal Services installed. The server was infected with virus and FEP 2010 removed the virus, so fare so good. But seconds after virus was removed, the server did a reboot. The connected users saw a message that said "The computer will shutdown in less than a minute".

    Is it possible to change this behavior?

    I can see in the Event log, that virus was removed and a reboot is required to remove the virus completly. So the reboot was not a bad thing, except that the users lost all their work, but I would like to do a controlled reboot.

    Regards

    Sronne

     

All Replies

  • Friday, November 16, 2012 2:13 PM
     
     Answered
    Sign In to Vote
    1

    I've seen this happen before on a workstation with a certain malware (Sirefef) that infected services.exe. It wasn't that FEP directly rebooted the server, it's that when services.exe was remediated, the system initiated a reboot because nothing running under a svchost can run without services.exe which would render the system unusable anyway. Does this scenario match what you're experiencing?

    • Marked As Answer by SRonne Friday, November 16, 2012 8:48 PM
    •  
     
  • Friday, November 16, 2012 8:47 PM
     
     
    Sign In to Vote
    0

    It was very much indeed what happend. One of the vira found was Sirefef. I have read about the behavior of Sirefef, but thought it was because of the virus removal and it was FEP that was the cause og the reboot.

    Thanks for your reply and clearing things up.